366 matches found
squirrelmail: session hijacking - secure flag not set for HTTPS-only cookies
Squirrelmail 1.4.15 does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie...
CVE-2008-4122
Joomla! 1.5.8 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session...
CVE-2008-4122
Joomla! 1.5.8 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session...
PT-2008-5423 · Open Source Matters · Joomla!
Name of the Vulnerable Software and Affected Versions: Joomla! version 1.5.8 Description: The issue makes it easier for remote attackers to capture the session cookie by intercepting its transmission within an http session, as the secure flag is not set for the session cookie in an https session...
GLSA-200811-02 : Gallery: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-200811-02 Gallery: Multiple vulnerabilities Multiple vulnerabilities have been discovered in Gallery 1 and 2: Digital Security Research Group reported a directory traversal vulnerability in contrib/phpBB2/modules.php in Gallery 1,...
sISAPILocation vulnerability bypasses HTTP header rewrite function
Overview sISAPILocation, an ISAPI Internet Server Application Program Interface filter, contains a vulnerability that allows the HTTP header rewrite function to be bypassed. sISAPILocation, developed by an individual developer, is an ISAPI filter for IIS Internet Information Services...
JVN#67060882 sISAPILocation vulnerability bypasses HTTP header rewrite function
sISAPILocation, developed by an individual developer, is an ISAPI filter for IIS Internet Information Services. sISAPILocation contains a vulnerability that allows the HTTP header rewrite function to be bypassed. Impact When sISAPILocation is used to configure settings, such as to specify charact...
mantis -- session hijacking vulnerability
The mantis Team reports: When configuring a web application to use only ssl e. g. by forwarding all http-requests to https, a user would expect that sniffing and hijacking the session is impossible. Though, for this to be secure, one needs to set the session cookie to have the secure flag. Else t...
Design/Logic Flaw
Squirrelmail 1.4.15 does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie...
CVE-2008-3663
Squirrelmail 1.4.15 does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie...
CVE-2008-3663
Squirrelmail 1.4.15 does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie...
CVE-2008-3102
Mantis 1.1.x through 1.1.2 and 1.2.x through 1.2.0a2 does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie...
CVE-2008-3102
Mantis 1.1.x through 1.1.2 and 1.2.x through 1.2.0a2 does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie...
CVE-2008-3102
Mantis 1.1.x through 1.1.2 and 1.2.x through 1.2.0a2 does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie...
CVE-2008-3102
CVE-2008-3102 affects MantisBT: vulnerable in Mantis 1.1.x (up to 1.1.2) and 1.2.x (up to 1.2.0a2). Root cause: the session cookie is not marked Secure in HTTPS sessions, enabling potential cookie leakage. Impact stated in sources includes session hijacking through captured cookies; other CVEs in...
menalto gallery: Session hijacking vulnerability, CVE-2008-3102
menalto gallery: Session hijacking vulnerability, CVE-2008-3102 References https://vulners.com/cve/CVE-2008-3102 http://int21.de/cve/CVE-2008-3102-mantis.html http://www.mantisbt.org/bugs/view.php?id=9524 http://www.mantisbt.org/bugs/view.php?id=9533...
FreeBSD : squirrelmail -- Session hijacking vulnerability (a0afb4b9-89a1-11dd-a65b-00163e000016)
Hanno Boeck reports : When configuring a web application to use only ssl e.g. by forwarding all http-requests to https, a user would expect that sniffing and hijacking the session is impossible. Though, for this to be secure, one needs to set the session cookie to have the secure flag. Otherwise...
Squirrelmail: Session hijacking vulnerability, CVE-2008-3663
Squirrelmail: Session hijacking vulnerability, CVE-2008-3663 References https://vulners.com/cve/CVE-2008-3663 http://int21.de/cve/CVE-2008-3663-squirrelmail.html http://enablesecurity.com/2008/08/11/surf-jack-https-will-not-save-you/ https://www.defcon.org/html/defcon-16/dc-16-speakers.htmlPerry...
CVE-2008-3661
The CVE-2008-3661 entry concerns Drupal (likely affected versions 5.10 and 6.4) where the session cookie was not marked Secure in HTTPS, enabling cookie capture by remote attackers via cookie on insecure requests. OpenVAS/Fedora advisories reference updates to Drupal in Fedora 9 (e.g., drupal-6.1...
CVE-2008-3662
CVE-2008-3662 affects Gallery before 1.5.9 and 2.x before 2.2.6. Root cause: session cookies are not marked Secure in HTTPS sessions, allowing cookies to be sent over HTTP and potentially captured by remote attackers. Impact: information disclosure of the session cookie. Remediation: upgrade to G...